It is desirable to prevent an unauthorized party reading data on data storage. Some data storage systems utilize Data at Rest Encryption (DARE) to protect data from unauthorized access. DARE involves encoding data based on one or more cryptographic keys. Some data storage systems generate and store key(s) on the data storage. However, this may increase the probability of an unauthorized party obtaining both the encrypted data and the key(s). Therefore, some storage systems utilize an external key server to store the key(s) separately from the storage system. A key server may also be referred to as a key manager.
An external key server is frequently used for generating and storing keys because it is typically a self-contained system that is not downloading potentially malicious applications. When the data storage boots up, it authenticates to the key server and downloads the key(s) required to decrypt encrypted data stored on the data storage. Some systems download the key(s) from the key server every time data is decrypted. This results in performance problems and decreased efficiency. Therefore, some data storage systems maintain a local copy of the key(s) in volatile memory for decrypting data. The local copy of the key(s) is lost when the storage system powers down or reboots. However, an unauthorized party obtaining physical access to the data storage may be able to use the local copy of the key(s) to read encrypted data.
Some solutions require an ignition key on reboot. An ignition key may be a key, password or other information not stored on the data storage that is provided on reboot. Other solutions instruct a key server to stop sending key(s) if the data storage is in unauthorized hands. However, these solutions are only effective if the data storage is rebooted.
Other solutions send a message to the data storage instructing the data storage to delete local copies of key(s). However, this is ineffective if the data storage is disconnected from a network.